mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
From: "brian m. carlson" <>
To: "Peterson, Alex" <>
Subject: Re: Temporary credentials timeout during long operations
Date: Wed, 26 Aug 2020 01:44:26 +0000	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

[-- Attachment #1: Type: text/plain, Size: 1658 bytes --]

[Please keep the list in CC.  Other people may have important
contributions to the discussion, and due to weather, I may be offline at
some point in the future and be unable to respond.]

On 2020-08-26 at 00:18:05, Peterson, Alex wrote:
> Hi Brian,
> Unfortunately, even if the server returns a 401, git will retry but with the old expired credentials which will fail.  I believe it is because of this line that checks if a username/password already exists (which it does)
> In my test I cleared the username and password to force it to re-request credentials and that worked OK.

Ah, yes.  In that case, it looks like we call credential_reject and then
return HTTP_NOAUTH.  I think the assumption is that the credential
helper returns a consistent set of credentials and once we've told the
credential helper to reject them, then the user can push again and be
prompted for new credentials.

I would be open to seeing a patch which, the first time through,
returned HTTP_REAUTH.  We wouldn't want to do that indefinitely, since
that would mean that the user would get stuck in a loop if the
credentials were wrong.

I will say that my gut tells me that it's generally a reasonable
assumption that credentials are valid for the life of a push, whatever
that is, so while I'm not opposed to seeing a patch to improve this, I'm
not especially sympathetic to using credentials that have such a short
lifetime that this occurs, even if I am in general in support of
short-lived credentials.
brian m. carlson: Houston, Texas, US

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 263 bytes --]

      parent reply	other threads:[~2020-08-26  1:44 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-13 19:48 Temporary credentials timeout during long operations Peterson, Alex
     [not found] ` <>
     [not found]   ` <>
2020-08-26  1:44     ` brian m. carlson [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

  List information:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).